Summary

Detail
Vendor Microsoft First view 2002-12-31
Product Windows XP Last view 2017-06-22
Version * Type Os
Update *  
Edition *  
Language *  
Software Edition *
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Related : CVE

  Date Alert Description
8.1 2017-06-22 CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

7.2 2013-07-31 CVE-2013-3697

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.

6.2 2012-08-25 CVE-2010-5166

** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

6.2 2012-03-28 CVE-2007-6753

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

4.3 2012-02-02 CVE-2010-4562

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.

7.1 2011-06-30 CVE-2011-2600

The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.

9.3 2011-06-16 CVE-2011-0658

Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."

7.8 2011-01-07 CVE-2010-4669

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.

7.2 2010-12-06 CVE-2010-4398

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

6.8 2010-07-02 CVE-2010-2594

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

4.7 2010-02-26 CVE-2010-0719

An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.

5 2009-08-12 CVE-2009-2196

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

4.3 2009-04-01 CVE-2009-1217

Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."

4 2009-01-28 CVE-2009-0320

Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."

7.2 2008-05-13 CVE-2008-0322

The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.

6.8 2008-02-12 CVE-2008-0088

Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.

5 2007-06-27 CVE-2006-7210

Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (CPU consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.

7.8 2007-06-05 CVE-2007-0933

Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.

6.8 2007-04-10 CVE-2007-1912

Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.

5 2007-03-20 CVE-2007-1531

Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.

4.3 2006-12-15 CVE-2006-6601

Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks or (2) time division fields that are set to 0.

7.2 2002-12-31 CVE-2002-2324

The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.

CWE : Common Weakness Enumeration

% id Name
16% (3) CWE-399 Resource Management Errors
16% (3) CWE-264 Permissions, Privileges, and Access Controls
16% (3) CWE-189 Numeric Errors
11% (2) CWE-362 Race Condition
11% (2) CWE-200 Information Exposure
11% (2) CWE-20 Improper Input Validation
5% (1) CWE-352 Cross-Site Request Forgery (CSRF)
5% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-61 Session Fixation
CAPEC-62 Cross Site Request Forgery (aka Session Riding)
CAPEC-122 Exploitation of Authorization
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-232 Exploitation of Privilege/Trust
CAPEC-234 Hijacking a privileged process

Open Source Vulnerability Database (OSVDB)

id Description
75195 Microsoft Windows GPU Support Functionality Unspecified Page Handling DoS
72959 Microsoft Windows Object Linking and Embedding (OLE) Automation Remote Code E...
70390 Microsoft Windows IPv6 Stack Neighbor Discovery Router Advertisement Message ...
69501 Microsoft Windows win32k.sys Driver GreEnableEUDC() Function Local Overflow
65829 Snare Agent Multiple Unspecified CSRF
62660 Microsoft Windows Unspecified API Argument Validation Local DoS
60225 Microsoft Windows XP System Restore Directory ACL Weakness Local Privilege Es...
56989 Apple Safari window.blur Function Top Sites Feature Arbitrary Site Manipulation
54700 Microsoft GDI+ gdiplus.dll GpFont::SetData Function Crafted EMF File Handling O...
53533 Microsoft Windows Task Manager (taskmgr.exe) I/O Activity Local Information D...
45048 Microsoft Windows XP I2O Utility Filter Driver (i2omgmt.sys) Local Privilege ...
41461 Microsoft Active Directory / ADAM Malformed LDAP Request Remote DoS
38991 Microsoft Windows PNG Image IHDR block Multiple Crafted Value Remote DoS
37637 Microsoft Windows Crafted HLP File Overflow
36160 D-Link DWL-G650+ Wireless Driver Beacon TIM Information Element Overflow
33664 Microsoft Windows Vista Crafted Gratuitous ARP Overwrite DoS
33307 Microsoft Windows Media MID Malformed Header Chunk DoS

ExploitDB Exploits

id Description
29813 Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
3926 MS Windows Vista - Forged ARP packet Network Stack DoS Exploit

OpenVAS Exploits

Date Description
2011-06-15 Name : Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
File : nvt/secpod_ms11-038.nasl
2011-05-12 Name : Debian Security Advisory DSA 2191-1 (proftpd-dfsg)
File : nvt/deb_2191_1.nasl
2011-02-09 Name : Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
File : nvt/secpod_ms11-011.nasl
2009-08-19 Name : Apple Safari Multiple Vulnerabilities - Aug09
File : nvt/secpod_apple_safari_mult_vuln_aug09.nasl
2009-04-07 Name : Microsoft GDIPlus Library File Integer Overflow Vulnerability
File : nvt/gb_gdiplus_int_overflow_vuln.nasl
2009-02-03 Name : MS Windows taskmgr.exe Information Disclosure Vulnerability
File : nvt/secpod_ms_taskmgr_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2011-A-0081 Microsoft Windows OLE Automation Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0028597
2011-A-0022 Multiple Vulnerabilities in Microsoft Windows Kernel
Severity: Category I - VMSKEY: V0026065

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt
RuleID : 9801 - Type : FILE-MULTIMEDIA - Revision : 18
2018-03-06 Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt
RuleID : 45586 - Type : FILE-MULTIMEDIA - Revision : 1
2017-04-19 Microsoft Windows empty RDP cookie negotiation attempt
RuleID : 42255-community - Type : OS-WINDOWS - Revision : 4
2017-05-16 Microsoft Windows empty RDP cookie negotiation attempt
RuleID : 42255 - Type : OS-WINDOWS - Revision : 4
2017-02-21 Microsoft Windows RtlQueryRegistryValues buffer overflow attempt
RuleID : 41365 - Type : OS-WINDOWS - Revision : 3
2014-01-10 Microsoft Windows HLP File Handling heap overflow attempt
RuleID : 27168 - Type : FILE-OTHER - Revision : 3
2014-01-10 Microsoft Windows HLP File Handling heap overflow attempt
RuleID : 27167 - Type : FILE-OTHER - Revision : 3
2014-01-10 Microsoft Windows HLP File Handling heap overflow attempt
RuleID : 27166 - Type : FILE-OTHER - Revision : 4
2014-01-10 Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt
RuleID : 21357 - Type : OS-WINDOWS - Revision : 7
2014-01-10 Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt
RuleID : 19184 - Type : OS-WINDOWS - Revision : 13
2014-01-10 Microsoft Windows HLP File Handling heap overflow attempt
RuleID : 17374 - Type : FILE-OTHER - Revision : 7
2014-01-10 Microsoft Windows GDIplus integer overflow attempt
RuleID : 16679 - Type : OS-WINDOWS - Revision : 5
2014-01-10 Microsoft Active Directory LDAP query handling denial of service
RuleID : 16433 - Type : EXPLOIT - Revision : 3
2014-01-10 Microsoft Active Directory LDAP query DoS attempt
RuleID : 16202 - Type : WEB-MISC - Revision : 2
2014-01-10 Microsoft EMF+ GpFont.SetData buffer overflow attempt
RuleID : 15430 - Type : FILE-OTHER - Revision : 7
2014-01-10 Microsoft Active Directory LDAP denial of service attempt
RuleID : 13475 - Type : OS-WINDOWS - Revision : 13

Nessus® Vulnerability Scanner

Date Description
2017-06-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_june_xp_2003.nasl - Type: ACT_GATHER_INFO
2013-09-03 Name: The remote host has a client application installed that is affected by multip...
File: novell_client_priv_escalation2.nasl - Type: ACT_GATHER_INFO
2011-06-15 Name: The remote Windows host is affected by a remote code execution vulnerability.
File: smb_nt_ms11-038.nasl - Type: ACT_GATHER_INFO
2011-03-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2191.nasl - Type: ACT_GATHER_INFO
2011-02-08 Name: The Windows kernel is affected by several vulnerabilities that could allow es...
File: smb_nt_ms11-011.nasl - Type: ACT_GATHER_INFO
2009-08-11 Name: The remote host contains a web browser that is affected by several vulnerabil...
File: macosx_Safari4_0_3.nasl - Type: ACT_GATHER_INFO
2009-08-11 Name: The remote host contains a web browser that is affected by several vulnerabil...
File: safari_4_0_3.nasl - Type: ACT_GATHER_INFO
2008-02-12 Name: It is possible to crash Active Directory on the remote host.
File: smb_nt_ms08-003.nasl - Type: ACT_GATHER_INFO